What you'd actually do

Identify and analyze data sources to uncover cybercrime patterns and trends targeting our services and customers.

Build proof-of-concept and prototype threat-hunting tools, automations, and new capabilities.

Collaborate with security engineers and cross-company stakeholders to implement comprehensive investigative and enforcement strategies.

Lead and support complex fraud investigations involving cyber-enabled financial crime, including online scams, business email compromise (BEC), payment fraud, account abuse, and related large-scale fraud activity.

Conduct analysis on large, complex datasets to detect and investigate anomalies and develop actionable insights and strategies.

Skills

Required

Microsoft SQL Server
KQL
Python
scripting languages
malware analysis
malware reverse engineering
behavioral malware analysis
technical investigative reports
data analysis

Nice to have

Compliance
Finance
Data-Analytics
Investigations
incident response
computer forensics
Indicators of Compromise (IOCs)
Indicators of Activity (IOAs)
Tools, Techniques, and Procedures (TTPs)
attribution
cryptocurrency
blockchain investigation tools

What the JD emphasized

5+ years experience in Compliance, Finance, Data-Analytics, Investigations, or related field

Proficient with Microsoft SQL Server, KQL, Python, and/or other scripting languages.

Proficient knowledge of malware analysis, malware reverse engineering, and behavioral malware analysis.

Demonstrated ability to author clear, accurate, and highly technical investigative reports

Overview

Microsoft’s DCU is a global team of attorneys, investigators, and analysts committed to leading the fight against cybercrime to protect our customers and promote global trust in Microsoft. Through strategic partnerships with Microsoft’s unparalleled threat intelligence community, fraud and abuse teams, and engineering support, DCU develops and employs innovative legal and technical strategies to detect, disrupt, and deter cybercrime, cyber-enabled fraud and scams, and other online threats. DCU sits in Customer Security & Trust (CST) within Microsoft’s Corporate, External, and Legal Affairs (CELA). DCU takes affirmative action to proactively defend against online threats and actors. Since its inception, DCU has filed lawsuits against over 35 malware families, state-sponsored actors, and the developers of cybercrime tools and services (including Cybercrime-as-a-Service platforms).

In this role you will investigate major cyber threats—including ransomware, malware, business email compromise (BEC), account takeovers, tech support fraud, and other online scams—while working alongside threat intelligence professionals, security engineers, and fraud investigators to build evidence against criminal and state-sponsored actors. As a DCU investigative expert, you will detect cybercrime, map malicious infrastructure, prevent misuse of Microsoft services, and help make the global online ecosystem safer.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

Identify and analyze data sources to uncover cybercrime patterns and trends targeting our services and customers.
Build proof-of-concept and prototype threat-hunting tools, automations, and new capabilities.
Collaborate with security engineers and cross-company stakeholders to implement comprehensive investigative and enforcement strategies.
Lead and support complex fraud investigations involving cyber-enabled financial crime, including online scams, business email compromise (BEC), payment fraud, account abuse, and related large-scale fraud activity.
Conduct analysis on large, complex datasets to detect and investigate anomalies and develop actionable insights and strategies.
Identify and map malicious technical infrastructure used to facilitate cybercrime.
Work independently to detect, investigate, and understand new and emerging cybercrime attack vectors.
Partner with DCU attorneys to develop legal strategies to disrupt and impact online criminal networks.
Draft criminal referrals for law enforcement.
Provide expert witness testimony in court filings and proceedings.

Experience in the following areas would be a plus

Ability to meet Microsoft, customer, and/or government security screening requirements for this role (including specialized security screenings).
Microsoft Cloud Background Check: required upon hire/transfer and every two years thereafter.
Collaborative, team-first mindset.
Exceptional written and verbal communication skills, including the ability to translate complex technical findings for a broad range of stakeholders (e.g., law enforcement, legal counsel, and executives).

Qualifications

Required Qualifications

5+ years experience in Compliance, Finance, Data-Analytics, Investigations, or related field OR equivalent experience.
5+ years experience in Compliance, Finance, Data-Analytics, Investigations, or related field OR equivalent experience.
Proficient with Microsoft SQL Server, KQL, Python, and/or other scripting languages.
Proficient knowledge of malware analysis, malware reverse engineering, and behavioral malware analysis.
Demonstrated ability to author clear, accurate, and highly technical investigative reports that translate complex technical findings into actionable insights for non-technical audiences, including legal, executive, and law enforcement stakeholders.

Preferred Qualifications

Bachelor’s degree in business, Accounting, Criminal Justice, Law, International Relations or related field AND 12+ years experience in Compliance, Cyber Finance, Data-Analytics, Investigations, or related field OR equivalent experience.
Industry certifications related to security and/or investigations (e.g., incident response, computer forensics).
Experience with sophisticated threat actor evidence, including familiarity with common Indicators of Compromise (IOCs), Indicators of Activity (IOAs), and Tools, Techniques, and Procedures (TTPs).
Extensive experience in attribution, creating threat groups, assessing linkages between established threat groups, and communicating attribution assessments to internal stakeholders.
Experience leading or supporting complex fraud investigations, including large-scale online fraud, scams, business email compromise (BEC), payment fraud, account abuse, or related cyber-enabled financial crime.
Proficiency with attacks on endpoints, cloud, network, and identity-based systems, along with strong investigative practices and communication skills.
Published research (blogs, presentations, etc.) on new threat actor TTPs.
Experience in cryptocurrency and blockchain investigation tools.
Advanced skills in analyzing large datasets and developing effective investigative action plans.
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about **requesting accommodations.**